On Tue, Jun 1, 2021 at 1:47 PM Stephen Satchell <list@satchell.net> wrote:
Before I re-invent the wheel, has anyone come up with blackhole route specifications for netplan in Ubuntu servers? Such a capability would perform the egress blocking for an edge server.
The table of blackhole routes I would set up:
Hi Stephen, I think you may be misunderstanding BCP 38. BCP 38 is about limiting -source- addresses. What you've described is bogon filtering on destination IP addresses. As far as I know, there's no BCP on bogon filtering although BCP 84 offers some relevant advice. BCP 38 is very simple: 1. If your IP address is 1.2.3.4 then drop any Internet-bound packets which purport to be -from- any address which is not 1.2.3.4. 2. If your IP address is 1.2.3.4 then drop any packets FROM the Internet which purport to be -from- 1.2.3.4. That's it! Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/